Net Optics Smart Filtering none User Manual

Smart filtering appliance
*** Confidential - DO NOT Distribute ***
"Smart Filtering" Appliance

User Guide

Doc. PUBDIRU Rev. 2, 9/08


Summary of Contents for Net Optics Smart Filtering none

  • Page 1: User Guide

    User Guide "Smart Filtering" Appliance Doc. PUBDIRU Rev. 2, 9/08...
  • Page 2 Trademarks and Copyrights © 2008 by Net Optics, Inc. Net Optics is a registered trademark of Net Optics, Inc. Director is a trademark of Net Optics, Inc. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.
  • Page 3: Table Of Contents

    Chapter 1 Introduction, Key Features, About this Guide
  • Page 4 Create Complex Filters, View filters
  • Page 5: Chapter 1 Introduction

    Net Optics Director is a key component for building a comprehensive, consolidated monitoring infrastructure for both network management and security. It extends the range of visibility for data monitoring across converged data and digital voice networks, while eliminating monitoring port contention and minimizing the number of tools needed to optimally manage the network.
  • Page 6: Key Features

    Unsurpassed Support • Net Optics offers technical support throughout the lifetime of your purchase. Our technical support team is available from 8:00 to 17:00 Pacific Time, Monday through Friday at +1 (408) 737-7777 and via e-mail at ts-support@netoptics.com. FAQs are also available on Net Optics Web site at www.netoptics.com.
  • Page 7: About This Guide

    About this Guide Please read this entire guide before installing Director. This guide applies to the following part numbers (Chassis Part Number: Description): DIR-3400: Director Main Chassis with 10 SFP monitor ports; DIR-____: Director Main Chassis with 10 SFP monitor ports, -48VDC power; DIR-7400: Director Main Chassis with 10 SFP monitor ports, 2 XFP 10GbE ports, 2 XFP uplink ports; DIR-____...
  • Page 8: Director Architecture

    Director Architecture The following diagram shows a schematic view of the architecture of the Director device shown as a Matrix Switch with filtering. The black dots indicate aggregating Matrix Switch connections between Network Ports and Monitor Ports. [Diagram labels: n1.1, n1.3, n1.5, DNM with 6 in-line network ports...]
  • Page 9: USB Port

    —A Web-browser based tool to manage a single Director (at a time) from anywhere in the world • System Manager —An SNMP platform-based tool to manage all the Director and other Net Optics iTap-enabled devices on your network...
  • Page 10: Typical Application

    Typical Application The following diagram shows a typical application using Director to implement a comprehensive, consolidated monitoring infrastructure. Figure 2: Director-centric network monitoring infrastructure (diagram labels: Analyzer 1, Analyzer 2, Forensic, RMON 1, RMON 2). In this example, eight network links are monitored by six monitoring devices. The company's external access is protected by a firewall, shown in the upper left of the diagram.
  • Page 11: Monitoring Tools

    In this installation, Director has ten additional Span ports and one in-line link that are available for expansion, when more links need to be monitored. Monitoring Tools: Still referring to Figure 2, six monitoring tools are connected to Director. They include protocol and performance analyzers, RMON probes, and an intrusion detection system (IDS).
  • Page 12: In-Line Monitoring Of 10 Gigabit Links

    In-line Monitoring of 10 Gigabit Links To create an in-line link on a 10 Gigabit network segment, use an external iBypass Switch or network Tap. These two methods are explained in the following sections. iBypass Switch Method: One method for creating a fail-safe, passive in-line 10 Gigabit network connection with Director is to use an external iBypass Switch, as shown in the following diagram.
  • Page 13: Director Front Panel

    Director Front Panel The features of the Director front panel are shown in the following diagram. Figure 6: Director Front Panel (diagram labels: 10 SFP Monitor Ports, Power LEDs, Monitor Ports). Monitor Port LEDs: Each Monitor port has two light-emitting diode (LED) indicators. The Link LED is illuminated when a link is established.
  • Page 14: Director Rear Panel

    Director Rear Panel The features of the Director rear panel are shown in the following diagram. Figure 7: Director Rear Panel (diagram labels: USB Port, Management Port, RS-232 Port). Major features of the rear panel include: • USB Port —Reserved for future functionality •...
  • Page 15: Chapter 2 Installing Director

    This chapter describes how to install and connect Director devices. The procedure for installing Director follows these basic steps: Plan the installation; Unpack and inspect the Director device; Install the DNM modules; Install the SFP and XFP modules; Rack mount the Director device; Connect power to Director; Connect the command line interface (CLI) RS-232 DB9 port or the Management port; Log into the CLI...
  • Page 16: Plan The Installation

    • Extended Warranty if purchased Check the packing slip against parts received. If any component is missing or damaged, contact Net Optics Customer Service immediately at +1 (408) 737-7777. (Note: XFP modules are ordered and shipped separately.) a range of IP addresses if you are deploying multiple Director devices...
  • Page 17: Install Director Network Modules

    Install Director Network Modules If the Director Network Modules (DNMs) are not already installed when you receive the unit, install them by sliding them into the DNM slots in the front panel. (If there is a plate covering the DNM slot, remove it by unscrewing two thumb-screws, and then install the DNM module.) The DNM circuit boards ride in the rails provided in the slots.
  • Page 18: Connect Power To Director

    Connect Power to Director For power fault protection, Director is equipped with redundant power connections. If one power source becomes unavailable due to an interruption in AC power or failure of the power brick, the other power source keeps Director operating normally.
  • Page 19: Connect The Remote Cli Interface

    8 data bits, no parity, 1 stop bit, no flow control. The Net Optics CLI banner and login prompt are displayed in the Terminal Emulation software. ********************************************************** Net Optics Command Line Interface (CLI) Copyright (c) 2008 by Net Optics, Inc. Restricted Rights Legend...
  • Page 20: Log Into The Cli

    Last login: Thu Sep 4 09:40:31 2008 from 10.30.1.62 ********************************************************** Net Optics Command Line Interface (CLI) Copyright (c) 2008 by Net Optics, Inc. Restricted Rights Legend * Use, duplication, or disclosure by the Government is * * subject...
  • Page 21: Configure Director Using The Cli

    Your CLI screen should be displaying the "Net Optics:" prompt as shown here: Net Optics> If you do not see the "Net Optics>" prompt, try typing Help followed by the Enter key. If the prompt is still not displayed, repeat the instructions in the preceding section and log in again.
  • Page 22 Assign a New Director IP Address, Netmask, and Gateway IP Address If you are using the local RS-232 serial interface to access the CLI, then you need to configure the IP Address that Compass management software, when available, will use to communicate with Director. If Director must communicate through a Gateway to reach the network, then set the Gateway IP Address for that Gateway.
  • Page 23 Tip! You can change the modes of multiple ports in a single command by specifying the ports in the portlist. Use a comma to separate items in the list, and use a dash (-) to indicate a range. For example, this portlist includes the first three ports in DNM 1 and the first port in DNM 2: ports=n1.1-n1.3,n2.1 Set the Current Date and Time...
  • Page 24 Using the CLI Help Command To view CLI help information: Enter Help at the "Net Optics:" prompt. The list of help topics is displayed. Net Optics> help ![#] commit date filter help history image list load logout module passwd ping...
  • Page 25: Using The Cli Command History Buffer

    Net Optics> show show name - show all files 'name' Net Optics> list current config file: lannie_090208 Net Optics> help ping ping ipaddr - ping 'ipaddr' Net Optics> sysip show Network Interface Info: Ipaddr: 10.60.4.180 NetMask: 255.0.0.0...
  • Page 26: Connect Span Ports To Director

    Connect Span Ports to Director To connect Director to the network using Span ports, be sure that at least one of your DNMs is a Span model. Use ports in that DNM to connect to the network. Span port numbering is shown in the following diagram. It is the same for Span DNMs and in-line DNMs. Port # n1.1 Span 10/100/1000...
  • Page 27: Connect Director With In-Line Network Links

    Connect Director With In-line Network Links To connect Director to the network using an in-line installation, be sure that at least one of your DNMs is an in-line model. Tap port-pairs for each link are located side by side, with three links across the top row and three links across the bottom row.
  • Page 28: Connect Monitoring Tools To Director

    Figure 21: In-line Network connections. Connect Monitoring Tools to Director To connect a monitoring tool to Director, simply plug the appropriate cable into the desired 1 Gigabit or 10 Gigabit Monitor port and plug the other end into the monitoring tool. The Link LED for the port should illuminate after a short delay to indicate that a link has been established.
  • Page 29: Chapter 3 Configuring Filters Using The Cli

    This chapter describes how to use the CLI to determine which monitoring tools are connected to which Network ports. It also explains how to create filters to limit the amount of traffic copied to Monitor ports, so the monitoring tools receive only the traffic that is of interest to them.
  • Page 30: Copy Traffic From Any Network Port To Any Monitor Port

    When you define a filter, you specify an action to be taken when the filter conditions are met. The action can be either drop or redir (meaning redirect). If the action is drop, then packets which meet the filter criteria are dropped, that is, they are not copied to any Monitor port.
  • Page 31: Regenerate Traffic To Any Set Of Monitor Ports

    filter add in_ports=n1.1,n1.2 action=redir redir_ports=m.3 Figure 23: Traffic aggregation (diagram labels: Network Port 1, Network Port 2). Regenerate Traffic to Any Set of Monitor Ports Director can be used like a Regeneration Tap, copying traffic from a Network port (or aggregated group of Network ports) to multiple Monitor ports.
  • Page 32: Create Filters

    Create Filters Filters process a traffic stream by selecting packets based on criteria in the packet header. A filter is defined using a filter add command, which also specifies the Network ports and Monitor ports the filters apply to. The filter add command specifies the following behavior: •...
  • Page 33: Create Complex Filters

    • ip_dst IP destination address • ip_dst_mask IP source address mask • ip_proto IP protocol • l4_src_port Layer 4 source port • l4_dst_port Layer 4 destination port • vlan VLAN number Create Complex Filters Multiple filter parameters can be specified in a single filter add command. Packets must satisfy all of the filter parameters to be selected;...
  • Page 34: View Filters

    Figure 29: Logical OR filter connection View filters To view a list of all pending filters, enter filter list. To view the active filters, enter filter running. Net Optics> filter list 001 ip_src=00000000/ffffffff,ip_dst=00000000/ffffffff,ip_proto=0000 l4_src_port=0080,l4_dst_port=0000,vlan=0000,action=3 in_ports=01 redir_ports=13...
  • Page 35: Work With Configurable 10 Gigabit Ports

    Work with configurable 10 Gigabit ports The two configurable 10 Gigabit XFP ports on the front panel are designated t.1 (on the left) and t.2 (on the right). They can be used in network port lists and monitor port lists. The 10 Gigabit ports are configured for Network or Monitor as required by the filter add commands you enter.
  • Page 36 filter add in_ports=n1.1-n1.4 action=redir redir_ports=t.1 filter add in_ports=n1.11 action=redir redir_ports=t.2 Figure 32: Configurable 10 Gigabit XFP ports used as Monitor ports (with aggregation) (diagram labels: Network Ports 1, 2, 3, 4 and 11, XFP Port 1, XFP Port 2). To use one XFP port as a Span port and the other XFP port as a Monitor port: Enter filter add in_ports=t.1 ip_proto=6 action=redir redir_ports=m.1.
  • Page 37: Understand Filter Interactions

    Understand filter interactions It is important to understand that Director uses Content Addressable Memory (CAM) technology to implement filters. As each filter is defined, it is stored in the next available entry in the CAM. Each packet header is compared in the CAM, and the CAM returns the index of the first filter that the packet header matched.
  • Page 38 Have we achieved our goal of sending all the TCP traffic to Monitor Port 2? Not quite. What happens when a TCP packet arrives from 192.186.10.0? It matches the filter at CAM address 1, so it is copied to Monitor Port 1. But that is all that happens;...
  • Page 39 Note: Instead of filter add, you can use a filter ins command to define filters. The only difference is that filter ins allows you to specify the filter's ID, which is its position in the pending filter list. (Use filter list to see the IDs of all pending filters.) When you use a filter ins command, the first parameter must be id=<id>...
  • Page 40: Understand Pending And Active Filters

    A common workflow for changing the Director filter configuration might be as follows. To change the Director filter configuration: Figure 39: Starting state (pending filter list). Enter filter running to view the currently active filters in the CAM. Net Optics> filter running 001 ip_src=00000000/ffffffff,ip_dst=00000000/ffffffff,ip_proto=0017 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=1 in_ports=00 002 ip_src=00000000/ffffffff,ip_dst=00000000/ffffffff,ip_proto=0000 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=3 in_ports=00 redir_ports=12 Net Optics>...
  • Page 41 Figure 42: Filter 1 has been changed and filter 3 has been added. Enter filter list to view the pending filter list. Net Optics> filter list 001 ip_src=00000000/ffffffff,ip_dst=00000000/ffffffff,ip_proto=0006 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=1 in_ports=00 002 ip_src=00000000/ffffffff,ip_dst=00000000/ffffffff,ip_proto=0000 l4_src_port=0000,l4_dst_port=0000,vlan=0000,action=3 in_ports=00 redir_ports=12...
  • Page 42: User Interactions

    Be aware of these similar pairs of commands: • filter discard clears the pending filter list, while filter clear clears the CAM • filter list shows the pending filter list, while filter running shows the CAM • filter commit copies the pending filter list to the CAM, while filter sync copies the CAM to the pending filter list Pending filter list Address Filter...
  • Page 43: Daisy-Chaining Multiple Director Chassis

    Chapter 4 Daisy-chaining Multiple Director Chassis This chapter describes how to expand the capacity of Director by daisy-chaining multiple Director chassis. The complete set of chassis becomes a single logical system with up to 380 total ports. By using long-reach ER links, chassis can be physically separated by as much as 25 miles (40 kilometers), enabling monitoring of entire campuses or multiple campuses with a single Director system.
  • Page 44: Appendix A Director Specifications

    Internal disk drive: 2.5-inch, SATA, 30 Gigabyte, 5400 RPM. Software: Net Optics Web Manager—compatible with all major Web browsers; Net Optics System Manager—compatible with Windows XP, Windows 2000, and Windows 98; SNMP v3 support...
  • Page 45: Available Models

    Specifications, DNM Copper Interface (12) RJ45 Network Ports 10/100/1000Mbps (6) In-line links or (12) Span ports depending on model 22-24 AWG unshielded twisted pair cable, CAT5e or better recommended Fiber Optic Interface (12) Gigabit SX, LX, or ZX Network Ports, LC type (6) In-line links or (12) Span ports depending on model Fiber Types: Corning Multimode 62.5/125μm Corning Multimode 50/125μm...
  • Page 46: Command Line Interface

    Tip! The command line interface (CLI) is not case sensitive. Port numbering: • Network ports are numbered Ns.p where • s is the DNM module (1 or 2; 1 is on the left, 2 is on the right) •...
  • Page 47 Command Sub-Command Parameters filter ipv6=< y | n > in_ports=<network_portlist>* <qual>=<value> action=< redir | drop > redir_ports=<monitor_portlist> Notes: The command may include any number of <qual>, up to the limit of Director's filter resources (approximately 1,000 <qual> per chassis) The action=< redir | drop > parameter is required If action=redir, then redir_ports=<monitor_portlist>...
  • Page 48 Command Sub-Command Parameters filter list ipv6=< y | n > (continued) running ipv6=< y | n > sync help <command> history image < 1 | 2 > list load <filename>* logout module show Example and description filter list Parameters: ipv6=y for IPv6 addressing; ipv6=n for IPv4 addressing (defaults to IPv4 if parameter is omitted) Displays all pending filters (with filter IDs) filter running...
  • Page 49 Command Sub-Command Parameters passwd ping <address>* port ports=<portlist>* autoneg=< on | off > duplex=< full | half > speed=< 10 | 100 | 1000 > show quit restart save show <filename>* stats clear ports=all|<[portlist> show ports=all|<[portlist> Example and description passwd Interactively changes the password of the SSH user account ping 10.1.1.4...
  • Page 50 Command Sub-Command Parameters sysip commit ipaddr=<address> netmask=<netmask> gw=<gateway> show time <time> upgrade srvip=<svrip> user=<username> pw=<passwd> filename=<filename> Example and description sysip commit Activates pending changes defined with sysip set sysip ipaddr=192.168.1.2 netmask=255.255.0.0> Parameters: <address> is the IP address (default: 192.168.1.2) <netmask> is the netmask (default: 255.0.0.0) <gateway>...
  • Page 51 Command Sub-Command Parameters user show This command name=<username>* is only pw=<password> available priv=<level> at root level Notes: All three parameters are required, and they must be in the order shown name=<username> name=<username> pw=<password> priv=<level> Example and description user show Lists all the currently defined user accounts This command is only available at root level user add name=bob pw=bob-pw priv=3 Parameters:...
  • Page 52: Filter Parameters

    Filter parameters Switches and filters are defined using the filter add and filter ins commands. The filter add command syntax is: filter add in_ports=<portlist> <filter_parameter_list> action=<redir|drop> redir_ports=<portlist> The <filter_parameter_list> is a sequence of zero or more of the filter qualifiers as listed in the following table. If the <filter_parameter_list>...
  • Page 53: Appendix C Protocol Numbers

    The official Assigned Internet Protocol Numbers list is maintained by the Internet Assigned Numbers Authority and can be found at http://www.iana.org/assignments/protocol-numbers. The list as of April 18, 2008 is reproduced in the following table (without references). Keyword Protocol HOPOPT IPv6 Hop-by-Hop Option ICMP Internet Control Message IGMP...
  • Page 54 Keyword Protocol MOBILE IP Mobility TLSP Transport Layer Security Protocol using Kryptonet key management SKIP SKIP IPv6- ICMP for IPv6 ICMP IPv6- No Next Header for IPv6 NoNxt IPv6-Opts Destination Options for IPv6 any host internal protocol CFTP CFTP any local network SAT- SATNET and Backroom EXPAK...
  • Page 55 Keyword Protocol L2TP Layer Two Tunneling Protocol D-II Data Exchange (DDX) IATP Interactive Agent Transfer Protocol Schedule Transfer Protocol SpectraLink Radio Protocol Simple Message Protocol Performance Transparency Protocol ISIS over IPv4 FIRE CRTP Combat Radio Transport Protocol CRUDP Combat Radio User Datagram SSCOP- IPLT...
  • Page 56: Limitations On Warranty And Liability

    Net Optics, Inc. warrants this Tap to be in good working order for a period of ONE YEAR from the date of purchase from Net Optics or an authorized Net Optics reseller.
  • Page 57 © 2008 by Net Optics, Inc. All Rights Reserved.

This manual is also suitable for:

Director
